A bot herder is a hacker that seeks out vulnerable computers and infects them so that they can be controlled as a botnet. Bot herders may also be bot masters, in which case they use the compromised systems for various types of cyber activities, such as conducting distributed denial of service (DDOS) attacks, running click fraud or ad fraud schemes or propagating malware. In other cases, the bot herder may be providing hacking as a service and leasing access to the compromised systems to a third party.
Bot herders use specialized software that scans network ranges for systems with vulnerabilities that allow them to gain control of the machines. They generally use pseudonyms to remain anonymous. To conceal their IP addresses and physical locations, bot herders often use proxy servers and shell accounts. Bot masters may use command and control programs, Internet Relay Chat channels or even Twitter feeds to issue commands to the bots.
The main business of a bot herder is infecting new computers with malware. Because infected systems are constantly being detected, the eventual discovery is built into the business model. Success is determined by infecting new computers at roughly the same rate as existing infections are getting caught so there’s always a fresh supply.